Assignable Oracle ILOM User Roles

During the creation of Oracle ILOM user accounts, a system administrator assigns a set of privileges that grants users access to discrete functions and operations within Oracle ILOM. These privileges in Oracle ILOM are known as user roles.

Oracle ILOM provides up to six predefined user roles. A system administrator can assign roles to grant privileges to a user or to revoke privileges from a user.

In addition to user roles, Oracle ILOM provides user profiles known as Administrator, Operator, and Advanced Roles. These user profiles enable a system administrator to assign multiple privileges at a time to a single user.

A system administrator can use the Administrator or Operator profile to assign a set of predefined user roles to a single user account. Or, a system administrator can configure the Advanced Roles profile to assign any of the six predefined user roles to a single account.

All user privileges are assignable to a user account from the web interface or the CLI. For a description of privileges granted by a single profile or a user role, see the following tables:

  • Table 3-3 Privileges Granted by a User Profile
  • Table 3-4 Privileges Granted by Individual User Roles

Table 3-3 Privileges Granted by a User Profile

Web Property: Administrator
CLI Property: administrator
Privileges Granted by Profile: The Administrator (administrator) profile is predefined with the following user roles:
  • Admin (a)
  • User Management (u)
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
For a description of privileges granted by each user role, see Table 3-4.

Web Property: Operator
CLI Property: operator
Privileges Granted by Profile: The Operator (operator) profile is predefined with the following user roles:
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
For a description of privileges granted by each user role, see Table 3-4.

Web Property: Advanced Roles
CLI Property: a|u|c|r|o|s
Privileges Granted by Profile: The Advanced Roles profile option is user-configurable from the web interface only. The Advanced Roles profile option enables system administrators to assign any of the following six user roles to a single user account:
  • Admin (a)
  • User Management (u)
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
  • Service (s)
Note: The same six user roles (a|u|c|r|o|s) are individually assignable to a single user account from the CLI.
For a description of privileges granted by each user role, see Table 3-4.

Table 3-4 Privileges Granted by Individual User Roles

User Role: Admin (a)
Privileges Granted: The Admin (a) user role, when enabled, grants read and write permissions to all Oracle ILOM system management functions with the exception of the functions that would require the Admin (a) role to have these additional user roles enabled: User Management (u), Reset and Host Control (r), Console (c), and Service (s).

User Role: User Management (u)
Privileges Granted: The User Management (u) user role, when enabled, grants read and write permissions to all Oracle ILOM user management authentication features.

User Role: Console (c)
Privileges Granted: The Console (c) user role, when enabled, grants read and write permissions to perform these remote console management functions: remote console lock options, SP console history log options, launch and use Oracle ILOM Remote System Console, and launch and use Oracle ILOM Storage Redirection CLI.

User Role: Reset and Host Control (r)
Privileges Granted: The Reset and Host Control (r) user role, when enabled, grants read and write permissions to perform these host management functions: host boot device control, run and configure diagnostics utilities, reset SP, sub-component service actions, fault management actions, and SPARC TPM management operations.

User Role: Read-Only (o)
Privileges Granted: The Read-Only (o) user role grants read-only permissions to view the state of all Oracle ILOM configuration properties and to change the account password assigned to the individual user account.

User Role: Service (s)
Privileges Granted: The Service (s) user role, when enabled, grants read and write permissions to assist Oracle service engineers if on-site service is required.

User Role: a|u|c|r|o
Privileges Granted: A combination of all these user roles (aucro), when enabled, grants read and write permissions to perform backup and restore configuration functions in Oracle ILOM.
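
As an added example (not part of the Oracle documentation), the Python below expands the profile names and role letters from Tables 3-3 and 3-4 into effective roles and reports accounts that hold more than they need, have Service (s) enabled, or hold the full aucro set that permits backup and restore. The account names, the `NEEDED` baseline, and the function names are assumptions constructed for illustration.

```python
# Added example: audit Oracle ILOM role assignments against Tables 3-3 and 3-4.
PROFILES = {"administrator": "aucro", "operator": "cro"}   # Table 3-3
ROLE_NAMES = {                                             # Table 3-4
    "a": "Admin", "u": "User Management", "c": "Console",
    "r": "Reset and Host Control", "o": "Read-Only", "s": "Service",
}
BACKUP_RESTORE = set("aucro")  # Table 3-4: all five roles are required together


def expand(role_value):
    """Return the set of role letters granted by a profile name or role string."""
    value = role_value.strip().lower()
    letters = PROFILES.get(value, value)
    unknown = set(letters) - set(ROLE_NAMES)
    if not letters or unknown:
        raise ValueError(f"not an ILOM profile or role string: {role_value!r}")
    return set(letters)


def audit(accounts, needed):
    """Compare assigned roles with the roles each account needs.

    accounts: {user: role_value}; needed: {user: roles the job requires}.
    The 'needed' baseline is a hypothetical input; accounts missing from it
    are assumed to need Read-Only (o) only.
    Returns {user: [finding, ...]} for accounts with at least one finding.
    """
    report = {}
    for user, role_value in sorted(accounts.items()):
        granted = expand(role_value)
        findings = []
        excess = granted - expand(needed.get(user, "o"))
        if excess:
            names = ", ".join(ROLE_NAMES[r] for r in "aucros" if r in excess)
            findings.append(f"excess roles: {names}")
        if "s" in granted:
            findings.append("Service (s) enabled")
        if BACKUP_RESTORE <= granted:
            findings.append("can back up and restore configuration")
        if findings:
            report[user] = findings
    return report


# Constructed sample data, not taken from a real system.
ACCOUNTS = {"root": "aucros", "noc1": "operator", "audit": "o", "dba": "administrator"}
NEEDED = {"root": "aucro", "noc1": "cro", "audit": "o", "dba": "cro"}

if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, NEEDED).items():
        print(f"{user}: {'; '.join(findings)}")
```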